[OpenWrt-Devel] [PATCH] base-files utils/busybox: Make requiring login in console default for easily accessed devices

Imre Kaloz kaloz at openwrt.org
Wed Dec 23 18:38:41 EST 2015


On Wed, 23 Dec 2015 17:27:37 +0100, Felix Fietkau <nbd at openwrt.org> wrote:

> On 2015-12-23 16:27, Bastian Bittorf wrote:
>> * Imre Kaloz <kaloz at openwrt.org> [23.12.2015 16:22]:
>>> >I'd hate to have some corner case result in bricked routers for
>>> >people who have no means of recovering from a bad flash.
>>>
>>> You can reflash from the bootloader all the time, we are talking
>>> about userland here. IMHO this should be just a normal change, like
>>> dropping telnet. Enforcing login should be on by default, specially
>>> since if one forgets the password they can just reset everything to
>>> defaults keeping the reset button pressed.
>>
>> I am against asking for a password in failsafe mode:
>> failsafe is failsafe is failsafe.
>>
>> You have to run mount_root which does _things_ and can break.
> I completely agree with this. Failsafe needs to be robust.

Failsafe can be triggered both locally and through the network and gives  
straight root access. This doesn't make it robust, it makes it insecure.


Imre
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel



More information about the openwrt-devel mailing list